On Monday, December 8, 1941, President Franklin D. Roosevelt declared the previous Sunday would be "a date which will live in infamy," after the Empire of Japan attacked Pearl Harbor.
Sadly, the attacks 74 years ago that pushed a nation into war are now used as sales and marketing tools in the information security industry and other markets.
When FDR made his speech to Congress on December 8, 1941, Pearl Harbor was still recovering, and the news reports were just starting to catch up on the events. The speech was brief, intentionally so, because it was supposed to jolt the American public into taking immediate action.
Just over an hour later, Congress declared war against Japan and the U.S. was officially involved in World War II.
World War II is one of my favorite points to study in history, mostly because of my grandfather. He would share stories about his time in Europe and the Pacific theaters and about life in general during the 30s and 40s. I loved it. He was my hero as a child, and in many ways he still is. He was a kid when he went into the service, barely 17 (he lied about his age, as did all his friends), but he was proud to enlist.
Frequently, on or about December 7, I would visit him and we'd talk about the war and whatever came up. When I was in school, he'd augment my lessons in history with these chats. As he and I got older, the chats became shorter, until one day he was tired and didn't feel up to it. Today is the fifth year I've not been able to have my chat with grandpa. I miss him. He died on December 6, 2010.
One of the things that stuck with me over the years was his notion the attacks on Pearl Harbor galvanized the United States, and for my grandfather and his peers, there was a sense of nationalism pushing them to do something – and that something was enlistment.
The first time I heard the term "Cyber Pearl Harbor" was in the late 90s. The news was covering testimony given to Congress by Deputy Defense Secretary John Hamre.
He warned that the U.S. was "facing the possibility of an electronic Pearl Harbor," adding that such an attack "is not going to be against Navy ships sitting in a Navy shipyard; it is going to be against commercial infrastructure, and we don't control that."
In 2012, Defense Secretary Leon E. Panetta also referenced a Cyber Pearl Harbor, and once again the topic was critical infrastructure.
"[Attackers] could derail passenger trains, or even more dangerous, derail passenger trains loaded with lethal chemicals. They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country," Panetta said.
In 1941, the U.S. had a lot of naval power stationed at Pearl Harbor, and if you want to be loose with the term – it was a single point of failure. You'd have to be really loose here though, because of the eight ships present, four were lost, four were damaged, and three aircraft carriers were out to sea – so Japan didn't take out the whole fleet.
Still, nothing similar exists online. The Internet has its problems, but no one person or nation is going to take it offline. And attacks against power plants on the east coast aren't going to take the entire country down.
In 1999, during the opening of the Computer Network Defense operations center in Arlington, Va., Deputy Defense Secretary Hamre gave a speech similar to the one given to Congress a few years earlier, but he added depth.
"Several times I've testified and talked on Capitol Hill about the future electronic Pearl Harbor that might happen to the United States. I've used that expression not to talk about surprise attacks. The most important message about Pearl Harbor was the way in which we had actually prepared well in advance for the war that came."
His point was that the Navy had finished the designs for their capital ships prior to Japan's attack. Likewise, most of the designs for the Army Air Forces (USAAF) combat aircraft were also finished prior to the attack on Pearl Harbor.
"They had the foresight to see it [war] coming and do something about it," Hamre added. "That really was the message of Pearl Harbor. It wasn't that we got hit. It was that we were ready to respond."
Today, that foresight is exactly what marketing and sales people are hoping executives and business leaders have.
Shortly after Defense Secretary Panetta's comments in 2012, the term Cyber Pearl Harbor circulated far and wide in the media and within InfoSec. It's still cited today whenever the term is referenced.
Most security experts scoff at the phrase itself. However, this tactic works, and security firms aren't the only ones using it.
- Neustar, a cloud-based information and analytics services company, used the concept of a Cyber Pearl Harbor for a webcast: Preparing for 'Cyber Pearl Harbor'
- In 2013, Mosaic, a peer-to-peer solar finance company, used the term Cyber Pearl Harbor to promote itself: Could Solar Energy Be America’s Greatest National Security Asset?
- Kaspersky Government Security Solutions, a subsidiary of Kaspersky Labs, says to ignore the hype when it comes to cyber attacks against critical infrastructure and the term Cyber Pearl Harbor. Yet, they push right ahead and immediately proclaim:
"Like 9/11 and Pearl Harbor, the US is ill-prepared to prevent a cyber-attack targeting our critical infrastructure..."
Any time a U.S. government network or a contractor network is attacked, someone will reference Defense Secretary Panetta's comments and mention Pearl Harbor. It was used during coverage of the attacks on Sony Pictures too, which made absolutely no sense.
The point of my rant this morning is pretty basic, and somewhat selfish.
Cyber Pearl Harbor is a tasteless term, and should be a catchphrase for "guard your wallet" or "I have a bridge I'd like to sell you." If you are at all serious about InfoSec, stop using the term and avoid doing business with vendors who do.
Today, December 7, is a day I will relax with some strong coffee and remember my grandfather. Today isn't about the hyped-up, FUD-driven term Cyber Pearl Harbor, it's about remembering the heroes we lost during the real thing.
Critical infrastructure needs fixing and securing, so do countless networks the world over. That's a serious problem, and it will take serious effort to address.
None of that work can be boiled down to a gimmicky phrase, and it shouldn't be.